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DETAILED ACTION 

1 . The text of those sections of Title 35, U.S.Code not included in this section can be 
found in the prior office action. 

2. The prior office actions are incorporated herein by reference. In particular, the 
observations with respect to claim language, and response to previously 
presented arguments. 

3. Claims 1-20 have been amended. 

4. Claims 1-20 are pending. 

5. Examiner withdraws objection to the drawings and specification due to correction 
by the applicant. 

6. Examiner withdraws rejection of claims under 35 U.S.C 1 12-second paragraphs 
due to correction by the applicant. 

Response to Arguments 

7. Applicant's arguments filed 12/30/2004 have been fully considered but they are 
not persuasive with respect to claims 9-13 and 15-20. 



• In response to applicant's argument that the references fail to show certain 

features of applicant's invention, it is noted that the features upon which applicant 
relies (i.e. " modifying password"; "master password", "changing the secure file to 
be accessible with the master password absent accessing the database of 
passwords" ) are not recited in the rejected claim(s). Although the claims are 
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interpreted in light of ttie specification, limitations from the specification are not 
read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 
(Fed.Cir. 1993). 

Examiner however considers Nelson's second password that accesses the 
password database as corresponding to Applicant's second password. The 
passwords in the database do safe guard the files since by choosing those 
password one can access the files. 

Claim Rejections - 35 USC § 103 

8. Claims 9-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over He 
(5,944,824 A) in view of Brown et al (6,618,806 B1). 

As per claim 9 He (5,944,824 A) teach a method of providing improved security for files 
accessible by password data entry (see col.2, lines 25-28 where a method of 
accessibility of a system using password that addresses the security of the 
system is disclosed) comprising the steps of: selecting a secured data file (see coL1, 
lines 23-30 where NEs are described as switches, databases and other network 
resources. Examiner considers other network resources corresponds to 
Applicant's secure data file since secure data file is a resource; fig. 12, item 312- 
322 disclose the process of returning the list of NEs or secure files, item 324 
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disclose selection of the user from the list and therefore selecting the NE user 
request access as depicted in item 326); providing a password database (see col.10, 
lines 37-40 disclose database of 13 is located within the security server 15; col.9, 
lines 29-31 disclose passwords are stored in the security server database where 
the database 13 corresponds to password database of Applicant; col. 10, lines 42- 
54 disclose the records of user accounts store in the database 13 contains field 
such as present password or new password); when the individual is authorized (see 
fig-5, item 104 where user is authenticated), retrieving the secure password fronn the 
database (see fig.4, item 92 where retrieve user's password for accessing reasons 
are being done by recovery procedure that could be manual or automatic) and 
autonnatically providing the secure password to the selected secured file password entry 
subsystem (see fig.4, item 79, 84, 88 and 98; coL8, lines 9-15 disclose determining 
a secure password for entry subsystem NEs and item 79, 84 and 86, 96 where the 
password generation and recovery or retrieving may be automatic and secure 
since it is protected); autonnatically determining a secure password identifier 
associated with the secured data file (see item 312 of fig.12 where passwords 
corresponding to NEs or secure files and user accounts are created; col.14, lines 
44-47 disclose the log-on procedure is automatic and therefore such association 
is determined automatically) but do not explicitly determining a user authorization 
method having an associated security level sufficient for accessing the secure 
password; authorizing an individual according to the secure authorization method. 
However Brown et al (6,618,806 B1) teach determining a user authorization method 



Application/Control Number: 09/625,547 Page 5 

Art Unit: 2132 

having an associated security level sufficient for accessing the secure password; 
authorizing an individual according to the secure authorization nnethod (see coL5, lines 
5-29 where based on different set of instructions tiiat corresponds to Applicant's 
associated security level a different biometric challenge being conducted that 
corresponds to Applicant's different methods and if verified the secure password 
is being retrieved for access); authorizing an individual according to the secure 
authorization method (see coLS, lines 5-29 where based on the verification of 
biometric challenge authorization is being done by verification; col.8, lines 37-65 
details the different authorization method or authentication). It would have been 
obvious to one of ordinary skilled in the art at the time the invention was made to utilize 
Brown's biometric authorization methods that corresponds to different rules based on 
different instructions where the biometric information's are stored in the database in 
He's single sign-on NEs databases method of access authentication in order to provide 
an authentication rule associated with a user based on different parameters of biometric 
data of a user. 

As per claim 10 He (5,944,824 A) teach the method of providing improved security for 
files accessible by password data entry as defined in claim 9 wherein the password 
database comprises a plurality of passwords (see col.9, lines 29-30 disclose 
database stores passwords that corresponds to a plurality of password and col.4, 
lines 14-18 where it disclose databases) and wherein the step of determining a 
secure password identifier comprises the step of determining a password from the 
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plurality of passwords for use in accessing data within the secured data file (see col-6, 
lines 13-23 disclose autliorization uses an access control list for NEs entries by a 
user; col.5, lines 7-14 disclose based on selection of a password of a user and 
authentication access is being granted). 



Claim Rejections - 35 USC § 102 

9. Claims 11 and 15-19 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Nielson (6,182,229 61). 

As per claim 11 Nielson (6,182,229 B1) teach a method of changing a first password 
for securing files accessible by password data entry comprising the steps of: 
determining a plurality of files secured with a first password (see coL3, Iine67 and 
col.4, lines 1-2 where passwords within the database protect the remote server; 
col.3, lines 12-22 where a table with each entry of URL specifies the site access 
protocol and the name of the site where each URLs corresponds to plurality of 
files (please see definition of URL in a computer dictionary), and the encrypted 
password that corresponding to a uri file as depicted in fig.2 corresponds to 
Applicant's first password that secure the file) ; providing a second other password 
for securing the plurality of files ( see col-3, lines 21-24 disclose a master password 
that being used to encrypt the passwords for the remote server entry and 
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possibly the ids, this master password corresponds to the second password that 
protects security for the uris by encrypting the access password of uri); for each 
file secured with the first password, accessing the file with the first password (see fig.2 
where the first password corresponds the uri is used to access the web site once 
is decrypted, it also can be done manually or automatically) and securing the file 
with the second other password (see col.3, lines 21-24 disclose a master password 
that being used to encrypt the passwords for the remote server entry and 
possibly the ids, this master password corresponds to the second password that 
protects security for the urIs that corresponds to files that are being secured) ; 
storing the second other password in the password database (see col.4, lines 34-36 
where it disclose the master password that corresponds to Applicant's second 
password is stored in the memory; fig.3, item 312 and 314 disclose the master 
password or second password stored in the password database). 

As per claim 15 Nielson (6,182,229 B1) teach the method of changing a first password 
for securing files accessible by password data entry as defined in claim 1 1 wherein the 
step of determining a plurality of files secured with the first password comprises the step 
of determining from the password database, files associated with the first password 
(see col.3, Iine67 and col.4, lines 1-2 where passwords within the database 
protect the remote server; col.3, lines 12-22 where a table with each entry of URL 
specifies the site access protocol and the name of the site where each URLs 
corresponds to plurality of secure files and the encrypted password 
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corresponding to a uri file as depicted in fig. 2 corresponds to Applicant's first 
password). 

As per claim 16 Nielson (6,182,229 B1 ) teach the method of changing a first password 
for securing files accessible by password data entry as defined in claim 15 wherein 
those files associated with the first password are identified because they are identified 
by an identifier associated with the first password (see fig .2 where user id associate 
witli their corresponding password and file urI; col.3, lines 48-53 where the 
association with controlled web site or a page. Examiner has considered address 
of secure web site URL as a file that need password for access since urI address 
could corresponds to a particular file for access). 

As per claim 17 Nielson (6,182,229 B1) teach the method of changing a first password 
for securing files accessible by password data entry as defined in claim 1 1 wherein the 
step of determining a plurality of files secured with the first password comprises the step 
of determining from accessible files, those files associated with the first password (see 
fig.2 where user id associate with their corresponding password and file urI; 
col.3, lines 48-53 where the association with controlled web site or a page. 
Examiner has considered address of secure web site URL as a file that need 
password for access since urI address could corresponds to a particular file for 
access and they are secure since the password and possibly user IDs are 
encrypted as depicted in fig.2). 
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As per claim 18 Nielson (6,182,229 B1) teach the method of changing a first password 
for securing files accessible by password data entry as defined in claim 1 1 wherein the 
step of providing a second other password includes the step of automatically generating 
the second other password (see col.5, lines 555-61 where it disclose passwords can 
be generated automatically by password management). 

As per claim 19 Nielson (6,1 82,229 B1 ) teach the method of changing a first password 
for securing files accessible by password data entry as defined in claim 18 wherein the 
method of changing first password is automatically repeated at intervals (see col. 19-20 
where it disclose the password particular to specific site (URL address (file) could 
be random for enhancing the security where such password corresponds to 
Applicant's first password as detailed in claim 11 above). 

10. Claims 12, 13 and 20 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Nielson (6,182,229 B1) in view of Bellemore et al (6,145,086 
A). 

As per claim 12 Nielson (6,182,229 B1) teach all limitation of the claim but do not 
explicitly disclose the step of changing password includes: archiving the first password 
for use in accessing archival files secured with the first password. However Bellemore 
et al (6,145,086 A) disclose security and password mechanism with relationship to a 
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database where the process of changing a password includes archiving the password 
as old password (see col.5, lines 23-27 where it disclose history table contains 
used password as also depicted in fig.5, item 209). It would have been obvious to 
one of ordinary skilled in the art at the tinne the invention was made to utilize Bellemore 
et al's history table in Neilson's password database in order to archive old passwords 
for approval of new password and by comparison means to be sure the new password 
does not be the same as last N old passwords. 

As per claim 13 Nielson (6,182,229 B1) teach all limitation of the claim but do not 
explicitly disclose the step of authorizing an individual requesting a change of the first 
password prior to changing the first password. However Bellemore et al (6,145,086 A) 
disclose the step of authorizing an individual requesting a change of the first password 
prior to changing the first password (see coL6, lines 58-63 where the request for 
change of password is being done by client that corresponds to Applicant's 
individual). It would have been obvious to one of ordinary skilled in the art at the time 
the invention was made to utilize Bellemore et al's history table and password change 
request in Neilson's password database security method in order to determine whether 
the proposed password may be used as a password by archive old passwords for 
approval of new password and by comparison means to be sure the new password 
does not be the same as last N old passwords . 
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As per claim 20 Nielson (6,182,229 B1 ) teach the method of changing first password is 
automatically repeated at intervals (see col.19-20 where it disclose the password 
particular to specific site (URL address (file) could be random for enhancing the 
security where such password corresponds to Applicant's first password as 
detailed in claim 11 above) but do not disclose explicitly changing the password is 
repeated upon detection of a breach of a password and upon expiry of a password. 
However Bellemore et al (6,145,086 A) disclose the method of automatically changing 
the password is repeated upon detection of a breach of a password and upon expiry of 
a password (see fig.3, item 310, 314 and 318 where determination is made for 
breach of a password by monitoring the number of failed attempt; item 360, 370 
and 328 in fig.3 represent the expiry of password monitoring). It would have been 
obvious to one of ordinary skilled in the art at the time the invention was made to utilize 
Bellemore et al's history table and password change rules in Neilson's password 
database automatic password generation security method in order to invoke a security 
process in response to client transmission of a connection message to the database 
management. 

Conclusion 

1 1 .Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kambiz Zand whose telephone number is (571 ) 
272-381 1 . The examiner can normally reached on Monday-Thursday (8:00-5:00). 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 



Application/Control Number: 09/625,547 Page 12 

Art Unit: 2132 

supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone 
numbers for the organization where this application or proceeding is assigned as 
(703) 872-9306. Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private PAIR 
or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see 
http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 
(toll-free). 




Kambiz Zand 
05/12/2005 
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